GO-2022-0988 — Vulnetix

GO-2022-0988 PUBLISHED

Failure to strip relative path components in net/url

Affected Products

Vendor	Product	Versions
Go	stdlib	1.19.0-0, 1.19.0-0

Timeline

Sep 12, 2022 CVE Published
May 20, 2024 CVE Updated

References

https://groups.google.com/g/golang-announce/c/x49AQzIVX-s url
https://go.dev/issue/54385 report
https://go.dev/cl/423514 patch

Open in Interactive Console →

$ Console Community · 100/wk Open console ›